1. Field of the Invention
The invention relates generally to a method of communications and communication network intrusion protection methods and intrusion attempt detection system.
2. Discussion of the Background
Historically, every technology begins its evolution focusing mainly on performance parameters, and only at a certain developmental stage does it address the security aspects of its applications. Computer and communications networks follow this pattern in a classic way. For instance, first priorities in development of the Internet were reliability, survivability, optimization of the use of communications channels, and maximization of their speed and capacity. With a notable exception of some government systems, communications security was not an early high priority, if at all. Indeed, with a relatively low number of users at initial stages of Internet development, as well as with their exclusive nature, problems of potential cyber attacks would have been almost unnatural to address, considering the magnitude of other technical and organizational problems to overcome at that time. Furthermore, one of the ideas of the Internet was “democratization” of communications channels and of access to information, which is almost contradictory to the concept of security. Now we are faced with a situation, which requires adequate levels of security in communications while preserving already achieved “democratization” of communications channels and access to information.
All the initial objectives of the original developers of the Internet were achieved with results spectacular enough to almost certainly surpass their expectations. One of the most remarkable results of the Internet development to date is the mentioned “democratization”. However in its unguarded way “democratization” apparently is either premature to a certain percentage of the Internet users, or contrary to human nature, or both. The fact remains that this very percentage of users presents a serious threat to the integrity of national critical infrastructure, to privacy of information, and to further advance of commerce by utilization of the Internet capabilities. At this stage it seems crucial to address security issues but, as usual, it is desirable to be done within already existing structures and technological conventions.
Existing communications protocols, while streamlining communications, still lack underlying entropy sufficient for security purposes. One way to increase entropy, of course, is encryption as illustrated by U.S. Pat. No. 5,742,666 to Finley. Here each node in the Internet encrypts the destination address with a code which only the next node can unscramble.
Encryption alone has not proven to be a viable security solution for many communications applications. Even within its core purpose, encryption still retains certain security problems, including distribution and safeguarding of the keys. Besides, encryption represents a “ballast”, substantially reducing information processing speed and transfer time. These factors discourage its use in many borderline cases.
Another way is the use of the passwords. This method has been sufficient against humans, but it is clearly not working against computers. Any security success of the password-based security is temporary at best. Rapid advances in computing power make even the most sophisticated password arrangement a short-term solution.
Recent studies clearly indicate that the firewall technology, as illustrated by U.S. Pat. No. 5,898,830 to Wesinger et al., also does not provide a sufficient long-term solution to the security problem. While useful to some extent, it cannot alone withstand the modern levels of intrusion cyber attacks.
On the top of everything else, none of the existing security methods, including encryption, provides protection against denial of service attacks. Protection against denial of service attacks has become a critical aspect of communication system security. All existing log-on security systems, including those using encryption, are practically defenseless against such attacks. Given a malicious intent of a potential attacker, it is reasonable to assume that, even having failed with an intrusion attempt, the attacker is still capable of doing harm by disabling the system with a denial of service attack. Since existing systems by definition have to deal with every log-on attempt, legitimate or not, it is certain that these systems cannot defend themselves against a denial of service attack.
The deficiencies of existing security methods for protecting communications systems leads to the conclusion that a new generation of cyber protection technology is needed to achieve acceptable levels of security in network communications.